Issues comparing two dates in php

Question

For some reason I am having difficulties comparing a previous date and current date. I have tried many different things, and tried to google my way to an answer but with no luck.

This is how my code is..

$phpdate = date("Y-m-d");

$sql = "SELECT lastDailyCollect FROM users WHERE steamid='".$_POST['steamid']."'";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
    while($row = $result->fetch_assoc()) {
        $lastDailyCollect = $row['lastDailyCollect'];
    }
} 

if ($lastDailyCollect == $phpdate) {
//give user error message
}elseif ($lastDailyCollect != $phpdate) {
//let user know it suceeded
}else {
//comparison error
}

I want to check if the user is able to collect a daily bonus. The last collection date of each user is stored in a mysql database, in a table called users. It always goes to the comparison error.

Hope somebody can help.

`if ($lastDailyCollect == $phpdate) {` is outside the `if ($result->num_rows > 0) {` statement so it runs - which would likely generate an error - even if the database query fails. Move all that code inside `if ($result->num_rows > 0) { }` and add something like `else { // Could not find user }` — manassehkatz-Moving 2 Codidact, May 12 '17 at 17:14
In the comparison error, I have it echoing the two dates. It echoes MYSQL: 2017-05-11 PHP: 2017-05-12 — pramsing, May 12 '17 at 17:16
Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). — Alex Howansky, May 12 '17 at 17:21
I use mysqli. $conn = new mysqli($servername, $username, $password, $dbname); if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } Still vulnerable? lastDailyCollect is a DATE — pramsing, May 12 '17 at 17:22
Still Vulnerable? YES! Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) — RiggsFolly, May 12 '17 at 17:23
Try comparing it like `if($lastDailyCollect < $phpdate) { //let user know it suceeded } else { //give user error message }` — Ambrish Pathak, May 12 '17 at 17:24
How would I make it not be vulnerable? Doesn't it use mysqli? — pramsing, May 12 '17 at 17:24
Ambrish Pathak I want it to check if the last collect was the previous day. Not just earlier, and not 24 hours. Just not the same day. — pramsing, May 12 '17 at 17:25
RiggsFolly it returns one row. The query finds one user defined by their unique id. — pramsing, May 12 '17 at 17:29
Add this just before the IF `echo "phpdate = $phpdate and lastDailyCollect = $lastDailyCollect";` and show us the result — RiggsFolly, May 12 '17 at 17:31
Also is `lastDailyCollect` a DATE in so far as you created the column as a DATE type or is it a VARCHAR — RiggsFolly, May 12 '17 at 17:32
RiggsFolly, phpdate = 2017-05-12 and lastDailyCollect = 2017-05-11 — pramsing, May 12 '17 at 17:33
Throw an intval() on your $_POST['steamid'] for the sql injection protection. intval($_POST['steamid']) Assuming the ID is always and ONLY an integer. — Danny, May 12 '17 at 17:33
___It always goes to the comparison error___ Well why are you expecting anything else they are **NOT EQUAL !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!** — RiggsFolly, May 12 '17 at 17:40
@RiggsFolly if you look at the code I provided, there's two checks. One checks if they're equal and one checks if they're not equal. And on top of that, there's an else option. it always goes to the else. — pramsing, May 12 '17 at 17:43
To be honest, I have no idea how you would get code to go to your else based on the IF and ELSEIF covering all possible options — RiggsFolly, May 12 '17 at 17:45
@RiggsFolly you're probably not getting the data in the same way I am. $lastDailyCollect from mysql, a DATE. $phpdate from PHP, using date("Y-m-d"). There's no need to try and make a fool of my. Just read the code. — pramsing, May 12 '17 at 17:46
@RiggsFolly Well done. Now you know why this post was made. It doesn't make sense. Which is why I'm asking for help. — pramsing, May 12 '17 at 17:47
If I feed those 2 dates into your IF I get into the `!=` i.e. the `else if` — RiggsFolly, May 12 '17 at 17:48
Maybe you should look closer at what you are reporting in the `elseif` and the `else` I see no possible way of getting to that `else` — RiggsFolly, May 12 '17 at 17:49
Obviously. Your point? I know how to compare two strings. The problem isn't that your code doesn't work, it's that my code doesn't work. You're not getting the data the same way I am. — pramsing, May 12 '17 at 17:50
@RiggsFolly I was thinking it could be two different data types, and that's why it would go to the else, but I've tried to force both of them into strings with (string) and "".$phpdata — pramsing, May 12 '17 at 17:51
You just posted the output from the `echo` I suggested. We can see the 2 strings containing a date. Testing is therefore simple — RiggsFolly, May 12 '17 at 17:51
@RiggsFolly if it was that simple, it would be working, wouldn't it? Clearly it's something else. — pramsing, May 12 '17 at 17:51
Ok, So clearly, you are not showing all of or all of the relevant code. See how to create a [Minimal, Complete and Verifiable example](http://stackoverflow.com/help/mcve) emphasis on Verifiable — RiggsFolly, May 12 '17 at 17:52
Last idea: I have in the past had odd issues like this. In the end I delete the script file and start again. I always put it down to a minimal corruption in the file — RiggsFolly, May 12 '17 at 17:54
@RiggsFolly I'm sure I'm showing all relevant code. Read my previous comment, and let me know your thoughts on that. The one about data types. — pramsing, May 12 '17 at 17:54
@RiggsFolly I listened to your suggestion and tried redoing it. And guess what, it actually seems to work. Makes no sense, since I did everything the same, though with different variable names, and no copying anything over. But seems to work, so thank you. — pramsing, May 12 '17 at 18:15

score 0 · Answer 1 · answered May 12 '17 at 17:59

0

What you can do to check if lastDailyCollect date was previous day by subtracting one day from the current date and storing it in $yesterday then matching if previous date is equal to lastDailyCollect date.

<?php

$date = date("Y-m-d");  //2017-05-12

$lastDailyCollect = "2017-05-11";

$yesterday = date('Y-m-d',strtotime($date . "-1 days")); //2017-05-11

if($lastDailyCollect == $yesterday) {
//give user error message
    echo 'lastDailyCollect is equal to Previous day';
}
else
{
//let user know it suceeded
echo 'lastDailyCollect is not equal to previous day';
}
?>

answered May 12 '17 at 17:59

Ambrish Pathak

3,813
2
15
30

What if there's more than 1 day since last collect? Then this wouldn't work would it? I just want to check if they collected today, and if they didn't, let them do it. – pramsing May 12 '17 at 18:02
1

Then add `else if($lastDailyCollect < $yesterday) { // more than 1 days since they collected }` – Ambrish Pathak May 12 '17 at 18:06
I redid the whole thing in a new file, and did everything in the exact same way, and it worked. No idea what made the difference, but it's working- – pramsing May 12 '17 at 20:58

Issues comparing two dates in php

1 Answers1